BATRA-¥/KMS Project / 2 
Isaue of Smart Card based Driving 


Licences, Formation of State and Regional 
Key Management Authorities ‘and gee 


Appointment of Nodal Officer, 


GOVERNMENT OF MAHARASTRA 
HOME DEPART MENT ह र 


Governament Resolution no : MVD-1205/C,R.134/ TRA-4,° 
Mantralay, Mumbal- 400032, Dated- July 1, 2005. 


Read : 1) Transport Commissioner's, Maharashtra State, Mumbai, letter: 
no; ((/B.t 1/Computer/140/2005/Outward No- 2448, Dt. 21 st Feb., 2005, 
2) Govertir=nt of India’s (Miniatry of Communications and information — 
Technoloy;y, Depertment of information Technology, Nationai taformation 
Conira, A iX:ack, CGO Complex, Ledhi Road, New Deilil-116063.) 
0.0, letter No.NIC/TO(SKA)/2005/14, dated 11/01/2005, 


Government_Resclution : Tha Ministry of Road Transport and Highways In the 


Govt, of India has dacided to Implement the project of providing Smart Cerd based 


Driving Licences, 

1, In order to develop the smartcard based technology usage in Motor Vehicle 
Departments the Govt. of India has entered into a MoU. with Netional Informatics 
Centre, New Delhi. While using the Smart Card based technology it requiros Security 
measures and euthentication of Information stored in the smart card. For thie 
purpose “Key Management System" Is to be applied. This system is based cn three 
tiers, Which ara as follows- | | 
(1) Cantral Key Generation Authority .(CKGA) 

(2) State Key Management Authority { SKMA ) 

(3) Regional Key Management Authority (RKMA) 


(which includes Sub-Reigional Key Management Authority). 
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2. = “Natlonai. श्या Centre” in association with “Price Waterhouse Coopers’ 


has deve'.:eda SKI-Practice Statement (Key Management Proceedures) which has 
been approved by the Ministry of Road Tranport and Highways. Out of these ebove 
Mentioned tiers in the firet paase, the first Tax namely CKGA has been esiabilshed at 
NIC-New Delhi. Now, in the ‘socond ‘phese, SKMA Is to be establiched In the State 
Motor Vehicle Dapt. and in ihe third phase, RXMA is to be establiched in the offices of 
Regional Transport Offices & Sub RMA. in the offices of Deputy Feglonal Transport . 
Offices. 

3. Accordingly the Govt, of india vide its fetter dated 11-01-2005 has informed to 
establish SKMA end तत» and appoint the Nodal Officers. In this —o| the | 
Commissioner of शवा, Maharashtra eas: Mumbel vido its letter dated 
21-02-2005 has requestsd to appoint Deputy Transport Commissioner (Computer), 
Office of the Commissioner of Transport, Maharashtra Siete, Mumbeil as a $8 MA 
Nodal Officer. The Tranport Commissioner has also requsted to communicate the 
appointment of the Nodal Officer to the. Nodal officer, Central Key Generation: 
Authority ( CKGA ), Natfonai Informatics Centre,“ A" Block, CGO Complex, New deli. 
110 003. 


4. Now, vide this Governament Resolution, the sanction 15 accorded to establish’ 


"State Key Management Authority” and to appoint “Deputy Transport Commissioner 
(Computer), Office of the Commissioner of Transport, Maharashtra State, Bencra 
(East), Murbel- 400 051", as the SKMA Nodal Officer. The, sanction is also accorded 


to appoint the another SKMA Nodal Officer te help him and to look after the work of the 


१२ कन 
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first SKAZA Neds! Officer In his absence. The role and responsibilities of the SKMA 


have been shown In the appendix "A" attached herewith. 

5. Similarly, Regional Transport Officers and Deputy Regional Traneport Officers 
wherever the post of Raglonal Transport Officer does not exist are nominated to work 
as the RKMA. They would be associated by saniormost Deputy Regional Transport 
Officers or Assistant Regional Transport Officers as the case may te. The rote and 


responsibilities of RXMA have been shown In Annexure ’B’. . 


6. The concerned Cfficers working as SKMA, RKMA and Sub RXMA will be fully 
rasponsiblo to carry out thelr dutias and will be Hetts for stringant ection for their 
failure to obey the guidelines Issued from time to tims. Tha Commissioner of 


Transport is si:{itcriged to communicate tha names of the SKMA, RKMA and Sub RAMA 


Nedal Officers 90 79 "Cantra! Key. Generation Authority (CKGA)". 


By ordor and in the name cf the Coverner of Msherashtra, 


ट्र 
( Reme! i Shinde ) 


Doputy Secretary to tha Govt. 9 Meharastitra, 
Home department. 


To 


The Commissioner of Transport, Maharashtra Stato, Mumbai. 

Secretary ( Information Technology), General Administration Department, Mantreiaya , 
Mumbal-400 032. 

Deputy Transport Commissioner (Computer), Mahrrashiza Siate, 'tumbal. 

Shri. S.K. Sinha, Technicel Director, Government of Inia, Ministry of Communicetions 
and Information Technology, Department of information Technetogy, National 
Informatics Centre, "A" Block, CGO Complex, Lodhi Road, New Dalhi-110003. 

All RTO’s/ Deputy RTO’s 

Section Officer's (THA- 1,2,3, 5), Home Department, Manitralaya, Mumbai. 

Select file- TRA-4 
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Annexure ‘A' 
Symmetric Key Infrastructure 
Roles and Responsibilities 
State Key Management Authority 
° Authority Card Issuance :- The SKMA nodal officer should access and collate 


the request received from the RTO's in the state for varicus classes of master 
key cards and forward them to the CKGA nodal officer. (Refer Fonn RTSK1) 


° Authoritv_Card Issuance: The SKMA nodal officer should ensure that he 
receives from the CKGA officer, the same number and types of Authority 
cards (viz. 141, 1.2, EA and RA etc.) as requested for. 


* Authority Card Issuance» The SKMA nodal officer should collect the 


° Authority Card Issuance :-The SKMA nodal officer should send by a courier 
service/Fax/e-mail his/her confirmation to the CKGA nodat officer about 
his/her having brought the Authority cards safely to SKMA. 


' * Authority Card Issuance:- After collecting the Authority cards form the 
CKGA nodal officer, SKMA nodal officer should be responsible for 
the 


managing the distribution of the same to different trusted agents in 
* state. 


* Authority Card Issuance:- The SKMA nodal officer should inform the 
RKMA nodal officer within 1 working day by registered-post/Fax/e-mail and 
ask hinvher to collect Authority cards and their respective PINs from the 
SKMA. 

° Authority Card Issuance:- The SKMA nodal officer should match the 


along with the signatures received from the RKMA nodal 
officer with the records, 


° Authority Card issuance :- The SKMA nodal officer should maintain an 
RTO-wise distribution list for the Authority cards, containing the Authority 
card details and the details of the RTO/ RKMA nodal officer to whom the 
Authority cards and PIN's have been issued (Refer Form RTSK3) 


* Authority Card Issuance : SKMA Nodal Officer should update the Authonty 
card distribution list every time an RKMA Nodal Officer under it informs of 
a change of ownership of the Authority card (s) of other particulars of the 
existing Authority card (s) 


* Seourity Audit: The SKMA nodal efficer should ensure that an annual 
independent security audit of the physical and IT infrastructure of each RTO 
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within its jurisdiction to the extent used for the issuance of DL cards. 
location of SKMA system and safe keeping of the Authority cards, is carried 
out by a technical audit team deputed by NIC, initially and later by a 
responsible and reputed third party. 


* Security Audit :- In addition to the above.t he SKMA nodal officer should 
also visit the respective RTO from time to time, to inspect and ensure that the 
DLRC card issuance process, Authority card management procedures and the 
database management procedures are being strictly followed. 


* Safe Storage: The SKMA Nodal Officer should store the active and backup 
SKMA cards and their PIN's ina Thick Steel Safe having two lockers and 
in 4 manner such that: 


Locker 1 has, 
the active SKMA card, 
PIN for the backup SKMA card and. 
Locker 2 has. 
backup SKMA Card. 


* Physical _kevs to me lockers ; As mentioned above, each of the two lockers/ 
locker chambers will require a pair of keys to unlock. One key from every 
pair of keys should be in the custody of the SKMA nodal officer. The 
other key should be in the custody of another officer to be designated by 
SKMA Nodal Officer. 


* Safe Storage : The SKMA_ nodal officer should be physically present every 
time the two safes housing the backup SKMA card and its PIN are accessed. 


* Usage Counter : The SKMA nodal officer should reset the issuer Authority 
Cards (DLIAI, DLIA2. RCIA1 and RCIA2) Usage counter within 1 working 
day after receiving request from the RTO nodal officer. 


* Master Kev Compromise: On receiving request from the RKMA Nodal 
Officer for arranging the generation of another set of backup Authority cards 
within the period of 5 working days after being informed about Authority 
card compromise, the 5९१1५ nodal officer should forward the tequest to the 
CKGA nodal officer. 


* Master_Kev Compromise: The SKMA reédal officer should maintain an 
issuing authority-wise list of damaggd/lost/campromised Authority cards, 
which he would update every time a Authoriy card damagecompromise is 
Teported by any of the issuing authortty. 


* Master_Key Destruction: The SKMA Nodal @fficer should ensure that the 
compromised, damaged, faulty, Authgrity caf arc destroyed-physically and 
logically- in a manner that reasonably ensures “hai there are no residual 
remains of the key that could lead to the recerstnction of the key. 
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Master Key Destruction: The SKMA nodal officer should be responsibic for 
logging the Author'ty-card destruction activities, including the number and 
serial numbers of Authority cards, the date and time, names and designations 
of trusted agents‘officials present. The above log should be securely 
archived for a period of not fess. than 5 years. 


Master Key Destruction : The SKMA nodal officer should also inform the 
CKGA nodal officer about the destruction of the Authority cards along with 
the details. 


The SKMA Nodal Officer shall be responsible for managing the distribution 
of the PIN's of the Authority cards to the RKMA Nodal Officers in the state 
only after the SKMA nodal officer has handed over the Authority cards 
to them. 


AT the time of initial establishment of the Symmetric Key Infrastructure. 
concemed State Government should sppoint/designate the SKM{A nodal 
officer for the state and send by registered post. the SKMA nodal officer's 
name, and designation and identification details to the CKGA Nodal Officer. 


On being informed of the SKMA key card compromise. the SKMA Nodal 
Officer should ascertain that the SKMA card has actually been compromised 
before authorizing and approving the recovery of the backup SKMA Master 
Key card. 
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RTO Key Management Authority 


Each RTO shall have a designated RTO Key Management Authority (RKMA) 
nodal officer and his name, designation and identification details shall be 
communicated to SKMA Nodal Officer by the RTO. 


The RKMA nodal officer should be responsible for appoititing minimum two 
trusted agents/officials-Issuing Authorities (IA) each for issuance of DL and RC 
cards, 

The RKMA nodal officer record the name, designation. signature and 
photograph and other details of all LA's/EA’s/RA's and other ‘trusted agents 
within the jurisdiction of the RTO. 


Authority Card Issuance: The RKMA nodal officer should send the request for 


required number and Type of Authority Cards to SKMA Nodal Officer (Refer 
Form RTSK2). 


Safe Storage: The RKMA nodal officer should be responsible fot safe storage of 


the active and backup IA, RA and EA cards ift a Thick Steel Safe having Three 
lockers and in a manner sich that: 


Safe 1 has, * 
. Active IA] cards, 
» Initial PIN for active 132 cards, 
. Backup 12 cards, 
. PIN's for backup RA cards, 
Safe 2 has 
. Active 142 cards. 
. Initial PIN for active IA1 cards, 
. Backup 141 cards, 
. PIN's for backup EA cards. and 
Safe 3 has, 
- PIN's of the back up of [Al and LA2 cards and, 
Backup EA cards, 
Backup RA cards, 


Sate Storage: Active 181, LA2 cards must be stored in these safes as per the 
procedure mentioned above at the end of each working day and taken out at 
the start of next working day 


Safe Storage: IAi and IA2 cards should never be kept out of the safe, whenever 
they are not in use. 


Physical kevs to the safe: For the three suites mentioned above. each of the three 
safe/sage chambers will require a pair of kcys fo unlock. One key from every pair 

of keys should be in the custody of the RAMA nodal officer. The other key 

should be in the custody of the issuing authority. 
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Secunity Audit: The RTO nodal officer should ensure that the KMS software. 
made available by NIC on behalf of Ministry of Road Transport and Highways, 
Government of india is used for all DL related activities at the RTO. 


Master_Kev Issuance! The RKMA nodal officer should collect the Authority 
cards form SKMA nodal officer by producing a valid employee Id. 


Master Kev Issuance: The RKMA nodal officer should also collect the PIN's 
for the Authority cards from’ SKMA Nodal Officer by producing a valid 
employee Id. 


Master Kev Issuance : The RKMA nodal officer should furnish an 
acknowledgement for the receipt of Authority cards and PIN's to the SKMA 
nodal officer. 


Master Kev Issuance: It is the responsibility of the RKMA nodal officer to manage 
the distribution of the master key cards to the LA's/EA's and २.३५ in the RTO 
region. He should inform the [AEA and RA Officials to collect their respective 
master key cards by registered post within one working day. 


Master Key Issuance: The RKMA siodal officet sould ehaure that IA's’ EA's 
R's change their initial PINs imttediatety aftet teteiving their Authority cards. 


Master Key Issuance: The RKMA nodal officer should receive an 
acknowledgement from the LA's/EA's/RA’s after issuing them the master key 
cards and their initial PIN's. 


Master Kev Issuance: The RKMA nodal officer should be res, nsible for 
ensuring that two LA's( who will issue DL/RC ~ards in tanduui ) are provided 
with LA Authority cards which is a.:"‘1ue pair. 


Master ev Issuance: The RKMA nodal officer, after duly recording the 
Authotity card owner details, should send the acknowledgement back to the 
SKMA office where the acknowledgement number and other particulars 
pertaining to the Authority card owner should be recorded by SKMA Nodal 
Officer. 


Backup : The RKMA nodal officer should be phvaically present every time the 
three safes housing the LA, EA and RA and their backup master key cards and 
their PIN's are accessed. 


Usage Counter : The RKMA nodal officer should forward the request for 
resetting of LA usage counter received from the two L4’s to SKMA Nodal Officer. 


PIN Management.: The RKMA nodal officer should ensure that in the event of 
suspected PIN compromise, new:PIN’s are. generated by-all 14's EA'wRA's for 
their respective master key cards: in the-presence-of the RKMA Nodal Officer. 
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Master Kev_Cotmpromise: The RKMA Nodal Officer should Ue responsible for 
accessing the backup EA and RA Master Key Cards along with their PIN’s from 
the secure safes. These should be handed over to ERA only after the receipt of 

a Backup Key Acknowledgement’ form duly signed by the EA/RA. The said 
form should be archived for future records for a period of not less than, when 
the next audit is conducted, 


Master Key Recovery: The RKMA Nodal Officer should request the SKMA 
nodal officer to arrange for generation of another set of backup master keys 
cards within the expiry of 5 working davs after being informed about master key 
card damage/ loss/’ compromise. 


Master Kev Destruction: The RKMA nodal officer should ७९ responsible to 
ensure that all damaged Authority cards are retumed under sedled cover. to the 
SKMA nodal officer. This should also be included by a “Card destruction 
Request” which should clearly state the number and class of master key cards to be 


destroyed’ and the names and designations of officers who were the custodians of 
the said cards, 


Master Key Destruction: The RKMA nodal: officer along with the LA's should be 
responsible for securely destroying-physically and logically-the damaged, redundant 
DURC cards as per requirement, in a manner that key reconstruction is rendered 
impossible, 


Master Kev Destruction: The RKMA nodal officer should be responsible for 
maintaining the smart card destruction log, containing details ike the number of 
DURC's their scrial number, names and designations of the IA's/nodal officer 
present. This log should be securely archived until the technical audit takes place, 


In case of unavailability of either of the I.A’s the RKMA nodal officer should 
immediately take possession of the key to the secure safe of that IA. He/she 

should designate a new trusted official/agent as the new user of the LA. card and 
hand over the keys of the secure safe containing the IA card to him/her with 
instructions to change the PIN for the IA card immediately. 


1A_Card Issuance : the LA should fumish an acknowledgement on receipt of the 
master key cards and their PIN’s to the RKMA nodal officer. 


Kev Security: The two LA's should not carry their respective LA cards outside the 
office premises and securely store them in two separate secure safes inside the 
RKMA after the working hours. 


Safe Storage: The LA's should citsure that the रित cards after being generated 
are housed in either of the sectire safes used for storing the active set of LA catds, 


Usage Counter: Both the LA's should send: a requested. in writing, to RKMA 
to arrange for replenishment of the usage counter. 
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PIN Management: The two LA's should tot disclose the शाप of their LA cards to 
anvbody within or outside RTO. Even the two IA's should not share their PIN 
information with each other. 


DLURC Issuance: It is the responsibility of both the LA's to be present at the time 
of DL/RC key genetation. They should ensure that all’ the keys for the DL/RC 
card are generated and stored in the DL/RC card such that the DL/RC card is 
completely functional. 


DLURC_ Issuance: The LA's should be responsible for verifying, physically and with 
the RTO database, the correctness of applicant information in the DL/RCcard, 
after receiving the printed card from the card personalizer. 


DIARC Issuance: It should be the responsibility of the LA's to securely archive the 
जिर acknowledgetnent forms received from the DL/RC distributing officer 
for a period of not less than 5 years. 


री गड the responsibility यया LA to immediately inform the RKMA nodal officer 
in case of their unavailability / incapacity to perform his/her duties, 


i Key Compromise: If the LA believes there has been 2 compromise of / damage to 
his/her Authority card, he must promptly notify the RKMA nodal officer. 


Key Compromise: The IA should send a request, in writing, to the RKMA nodal 
officer to access the backup master key cards and their PIN's in an event of 
lose/damage/compromise of the master cards. 


DL/RC Destruction: In case of damage of / modification to the DL / RC card, the 
IA should be responsible for completely destroying the received DL/RC by 
inboking the ‘Comprehensive DL/RC Card Destruction’ procedure. 


ण. Destruction : The A's along with the RKMA nodal officer should be 
responsible for securely destroying-physically and logically-the damaged/ useless 
DLRC cards once a week, in a manner that key reconstruction is rendered 
impossible. 
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Annesure V 
FORMAT OF REQUISITION FORM FOR AUTHORITY CARDS 
From RTO to SKMA 
(From PTSK2) 


Request िळ्या............................. (RTO Ooffice) Request !प०....................................... Request 1346......................... 


Card = No. of Cardy Pairs Required* +” 
Pie 


* Card Type : DL-IA, DL-EA, DL-RA,RC-IARC-EA, RC-RA,RC-RTO,RC-TC, RC-FL,RC-IC or RC-PUCC. 
** No, of pairs in case of [A & No. of cards in all other cases 


Card Holder Information for each cartd is to be furnished in the following formats as the case may be : 


1) For IA Cards 
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2) Forcards otherthan TA Cards 
There wiltbe one row corresponding to each non-[A card .emtopmed om Table (1). For example, if the requestisfor two DL-EA 
cardsand ose RC-EAcard then, thetable will be in thefollowing format. 


FE : | “माक Name = | Office code” 


2 iL — = z 
कश a Ge ae कवकन SS ee 
A ह... |... करच bs 
न्य we 2 oo न्य ल वक ait tl Set ek ae 
Notes: 


* SLNo. - Serial Number as in Table-1, 
** Usage counter is the maxiswum numberof times a card can be used for a particular operation. Forexample, if the usage 
counterfor a DL-14 card is 100, # means that at the most 100 DL cards can be issued using this pair of JA cards. There is no १६५४० 
counter in case ef EA/RA cards for DL and RC. 


Signature 
Name & 
Designation 
(Of the Regional 
Key Authority) 
Abbreviations used: 
DL-Driving License RC-Registration Certificate 
SKMA-State Key Management Authority TA-Iseuing Authority EA-Endorsing Authority 
RA-Reviewing Authorily RTO-Regional Transport Officer TC-Tax Collecting authority 
Fi-Fitness Inspector : IC-Insurance company. PUCC-Pollution under contral Certificate 
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(Form RTSK 1) 

Request for Authority Cards from SKMA to CKGA for Authority Cards from SKMA to CKGA 
State/U.T. MAHARASHTRA STATE Letter No. 
Request No. 01/2005 Dated 
——— ee Authority Card Type ~~ [Tick [No.of Cards/Pairs Requirec Tick No. of Cards/Pairs Required“ 
L. a Sere का | 
/ DL-SKMA 1 CARD | 
DL-1A i 4PARS ___; 
{DL-EA | 4 CARDS : 


NODAL OFFICER . 
STATE KEY MANAGEMENT AUTHORITY. 
GOVERNMENT OF MAHARASHTRA 


Abbreviations used: 
CKGA- Central Key Generating Authority 
DL-Driving License RC-Registration Certificate 
SKMA-State Key Management Authority 1A-Issuing Authority 
EA-Endorsing Authority RA-Reviewing Authority 
STA-State Transport Authority RTO-Regional Transport. Officer 
TC-Tax Collecting Authority AU - Authorization authority 
Fl-Fitess Inspection IC-Insurance company. 


PUCC-Pollution under control Certificate 


